Skip to main content

Recently active topics

6
J
jwroblewskiJeff Wroblewski
 REST Collectors
REST Collector - Salesforce Records and Events Log Files

Acknowledgements: Many thanks to Tomás García Hidalgo and Roberto Moreda for their creation and contribution of this collector!Salesforce provides an API endpoint to execute a SOQL query to get records of the requested object.Salesforce defines standard objects, such as LoginHistory or SetupAuditTrail, whose records are useful in a SIEM pipeline. EventLogFile is a special case because its records contain data about event log files ready to be downloaded from a different endpoint.This Cribl REST Collector enables a compact way to get:Salesforce records using the Query endpoint Salesforce event monitoring content from EventLogFile records using the sObject Blob Get endpointFind the collector here. Usage InstructionsImport the Event Breaker Ruleset: Go to Processing -> Knowledge -> Event Breaker Rules -> Add Ruleset. Click on Manage as JSON and paste the content of breaker.json. Import the REST Collector: Go to Data -> Sources -> Collectors -> REST -> Add Collector.

40
J
M
Maliha BalalaNew Participant
 Stream
Load Balancer Example Configurations for Syslog

This document provides configuration examples and reference links for setting up third-party load balancers with Cribl Stream syslog deployments. Load balancers are essential for distributing syslog traffic across multiple Cribl Stream Worker Nodes, as syslog senders have no built-in load balancing capabilities. PrerequisitesBefore implementing these configurations, ensure you have:Multiple Cribl Stream Worker Nodes deployed Network connectivity between your load balancer and Worker Nodes Understanding of your syslog traffic patterns (UDP vs TCP, volume, etc.) Appropriate firewall rules and security policies in placeFor architectural guidance and best practices, see the main Cribl Stream Syslog Use Case Guide. Load Balancer RequirementsWhen configuring load balancers for syslog with Cribl Stream:For syslog traffic: Can use Application Load Balancer or Network Load Balancer Health checks: Ensure proper health check configuration for Worker Node availability Protocol support: Must suppor

350
M
M
Maliha BalalaNew Participant
 Edge
Migrating from Splunk Universal Forwarders to Cribl Edge

This guide provides comprehensive considerations for migrating your data collection infrastructure from Splunk Universal Forwarders (UFs) to Cribl Edge. Universal Forwarder migrations present unique challenges due to fundamental architectural differences between Splunk's agent model and Cribl Edge's Fleet-based approach.The UF to Edge migration generally follows these phases:Decide on your migration strategy Complete pre-migration planning specific to UF environments Implement your Edge configuration with UF-specific considerations Execute a controlled rolloutThis document focuses on Splunk UF-specific considerations. For general migration principles, strategy overview, and general considerations, refer to the Migrating from Third-Party Agents to Cribl Edge document. This guide assumes familiarity with the general migration framework outlined in that document.Important Note: This is a considerations guide, not step-by-step instructions. Complex UF migrations require careful planning an

370
M
V
VenkatNew Participant
 General
Query on SIEM parsing

Hi All,We are managing Crowdstrike NGSIEM  in our network and all the data sources are routed to Cribil and from Cribil , we are forwarding the logs to NGSIEM. Data source → Cribil →  NGSIEM I understand , we require parsers in NGSIEM to read the relevent logs received from the  datasources but I wish to know ,is there any parser concept present in cribil to onboard the logs from the different datasources.    

40
V
cbreshears
cbreshearsCommunity Manager
Version 4.13 ReleaseNews

Cribl Stream New SentinelOne AI SIEM Destination: Send data directly for faster, flexible ingestion. Better Worker Node Tracking: See connection status, last heartbeat, filter by state, and set retention for disconnected nodes. Drop Dimensions: Cut storage costs and speed up queries by dropping unused metric dimensions. Cribl Edge Bye PowerShell: No more dependency = faster, smoother deployments. Disconnected Edge Node Tracking: Just like Stream—know if your nodes are online, offline, or MIA. Cribl Lake Bigger Lakehouses: Up to 28 TB/day ingest + hydrate old data for faster investigations. Splunk DDSS Now GA: Directly ingest archive data from Splunk Cloud. Cribl Search Skip Event-Time Filtering: Prevent gaps by filtering on partition timestamps. Read Archived S3: Search restored Glacier data without permanent rehydration. Platform New FinOps Center: Track data costs, refunds, and ROI all in one place. Copilot Editor: Now edit existing Pipelines, with more schema support and

20
cbreshears
cbreshears
cbreshearsCommunity Manager
 Job Postings
Lead Director Observability Engineering

CVS has an exciting opportunity to lead a team transforming Observability at massive scale!https://jobs.cvshealth.com/us/en/job/R0634510/Lead-Director-Observability-Engineering

30
cbreshears

Badge winners

Show all badges
Terms & ConditionsCookie settings